A computer virus refers to a set of self-reproduceable computer instructions or program codes, which can be implanted in computer programs by a programmer to destroy computer functions or corrupt data so as to affect the use of the computer.
With popularization of computer applications and rapid development of the Internet, computer viruses are spreading at a surprisingly high speed. To protect computer resources against the computer viruses, a security software is provided in the prior art. The security software is a program tool, which can remove almost all known program codes with damages to computers, such as a virus, a Trojan.
A main task of the security software is to implement real-time protection and file scanning.
The real-time protection generally refers to an operation mode in which the system execution process is synchronously monitored by the security software, for example, an antivirus software monitors a memory of the computer and calls system files. That is, when the security software performs the real-time protection, an application program of the security software will scan an object before it is accessed, in order to find some potential virus; and if the virus is found in the object, the application program will remove the infected object or prevent the infected object from being accessed.
The file scanning generally refers to anther operation mode in which files in a disk or a memory of the computer system are checked by the security software to decide whether the files in the disk or the memory conforms to a security standard of the security software based on the determination of the security software.
In implementing the invention, an inventor found that there are at least following problems in the prior art.
The real-time protection and the file scanning provided by the security software are operated independently from each other, that is, the security task conducted by the real-time protection mode has no interaction with that conducted by the file scanning mode. This may be convenient for the management and application of the security software, some viruses, however, are likely to be ignored. For example, presently there is a type of maternal virus, which itself may have or do not have a damage capability but can release a subprogram or a sub-file and put the subprogram or the sub-file into a file directory which seems to be irrelevant to the maternal virus or into a random file directory, and the subprogram or the sub-file released by the maternal virus has a damage behavior such as a damage to the computer or embezzlement of user information. It is very difficult for the existing security software to thoroughly remove such virus, that is, only the subprogram or the sub-file released by the maternal virus can be removed, but the maternal virus located at somewhere of the computer cannot be searched out and effectively removed, so that a user will meet the following cases when using the security software: (1) after a threat is founded and removed by the real-time protection, the threat may be found yet again; (2) after a threat is found and removed by the file scanning, the threat may be found yet again; (3) after a threat is found and removed by the file scanning, a similar threat may be found yet again; and (4) after a threat is intercepted and removed by the real-time protection, the threat may also be scanned by the file scanning. With the existing file scanning, a virus within the computer system cannot be thoroughly removed, thereby seriously affecting the capability of removing the threats, so that the process for searching and removing the virus scanning has a low efficiency.